Spring wants to change the way people shop and the way brands interact with customers. The company was founded in 2013 with the vision to build a digital alternative to traditional brick and mortar retailers: we’re the store that never closes, is available wherever you are in the world, and has impeccable customer service from when you first open the app, to when your purchase arrives at your front door. We’re not constrained by challenges that traditional online retailers face, so we’re delivering a shopping experience that puts our customers first.
Spring is a tech-first company. As such, our engineering organization provides the foundation on which our business is built. It leverages that platform to deliver great products to our suppliers and customers.
As Spring’s first Security Engineer you’ll be responsible for shaping Spring’s security efforts across our infrastructure and company. This is a hands-on technical position where you will work closely with our engineering and product teams to ensure security is built from the ground up. Our customers are a huge part of who we are as a company. As we continue to scale, you will help ensure that our customers' data remains secure.
What you will do:
- Take ownership of third-party security tooling and evaluate new tools
- Work with engineering to integrate security best practices into the development process
- Ensure our continued PCI compliance
- Develop and deliver company-wide security training
- Lead security incident responses and investigations
- Define security policies and best practices
- Respond to our partners' requests on the security of our infrastructure
- Perform application security reviews and penetration testing
- Manage third-party security vendor relationships
What you need to have:
- Prior experience working as a Security Engineer; startup experience is a big plus!
- Strong experience in secure coding practices of web applications and iOS applications
- Familiarity with OWASP Top 10 Vulnerabilities - you should know how to detect them and defend against them
- Experience building secure architectures on AWS
- Be comfortable using and securing Linux (we use Ubuntu)
- Knowledge of system vulnerabilities and remediations
- Experience in vulnerability assessments and threat modeling
- An understanding that security is not just saying 'no', but it's also working with product and engineering on best practices